[c-nsp] Pix 501 Terminating Multiple IKE sessions over same tunnel?

Michael K. Smith - Adhost mksmith at adhost.com
Mon Mar 12 19:32:42 EST 2007


Hello All:

I am trying to configure two IKE sessions over a single tunnel.  Here is
the configuration I have:

crypto map TEST 70 ipsec-isakmp
crypto map TEST 70 match address list_1
crypto map TEST 70 set peer 66.x.x.x
crypto map TEST 70 set transform-set TESTSET
crypto map TEST 80 ipsec-isakmp
crypto map TEST 80 match address list_2
crypto map TEST 80 set peer 66.x.x.x
crypto map TEST 80 set transform-set TESTSET
crypto map TEST interface outside

access-list list_2 permit ip 192.168.133.0 255.255.255.0 192.168.213.0 255.255.255.0
access-list list_1 permit ip 192.168.133.0 255.255.255.0 192.168.120.0 255.255.255.0

The remote end is a Netscreen 50.  The Phase 1 session gets established
with interesting traffic from list_1, but no interesting traffic from
list_2 gets over the tunnel.  Is the configuration above possible?  And,
is it possible but I've just messed up the configuration? 

Any help would be greatly appreciated.

Thanks,

Mike
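
Added example (not part of the original post, and not vendor code): a Python sketch that reads the configuration lines posted above and lists, for each crypto map entry, its peer and the local/remote network pairs its access-list proposes as Phase 2 selectors, so they can be compared with what the remote gateway is set to accept. It handles only the "permit ip <net> <mask> <net> <mask>" ACL form shown in the post; the function names are illustrative.

```python
import ipaddress
from collections import defaultdict

# Configuration lines copied from the post (wrapped ACL lines rejoined).
CONFIG = """\
crypto map TEST 70 ipsec-isakmp
crypto map TEST 70 match address list_1
crypto map TEST 70 set peer 66.x.x.x
crypto map TEST 70 set transform-set TESTSET
crypto map TEST 80 ipsec-isakmp
crypto map TEST 80 match address list_2
crypto map TEST 80 set peer 66.x.x.x
crypto map TEST 80 set transform-set TESTSET
crypto map TEST interface outside
access-list list_2 permit ip 192.168.133.0 255.255.255.0 192.168.213.0 255.255.255.0
access-list list_1 permit ip 192.168.133.0 255.255.255.0 192.168.120.0 255.255.255.0
"""

def cidr(net, mask):  # dotted netmask -> CIDR string
    return str(ipaddress.ip_network(f"{net}/{mask}"))

def phase2_selectors(config):
    """Return {seq: {"peer": ..., "acl": ..., "selectors": [(local, remote)]}}."""
    acls = defaultdict(list)
    entries = defaultdict(lambda: {"peer": None, "acl": None, "selectors": []})
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and tok[2:4] == ["permit", "ip"] and len(tok) == 8:
            acls[tok[1]].append((cidr(tok[4], tok[5]), cidr(tok[6], tok[7])))
        elif tok[:2] == ["crypto", "map"] and len(tok) >= 7 and tok[3].isdigit():
            if tok[4:6] == ["match", "address"]:
                entries[int(tok[3])]["acl"] = tok[6]
            elif tok[4:6] == ["set", "peer"]:
                entries[int(tok[3])]["peer"] = tok[6]
    for e in entries.values():  # attach each entry's ACL lines as selector pairs
        e["selectors"] = acls.get(e["acl"], [])
    return dict(entries)

def entries_per_peer(entries):  # peer -> sequence numbers that point at it
    by_peer = defaultdict(list)
    for seq, e in sorted(entries.items()):
        by_peer[e["peer"]].append(seq)
    return dict(by_peer)

if __name__ == "__main__":
    found = phase2_selectors(CONFIG)
    for seq, e in sorted(found.items()):
        print(seq, e["peer"], e["acl"], e["selectors"])
    print("entries per peer:", entries_per_peer(found))
```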


